Web-based malware attacks growing at an astonishing rate


Dasient, the web security firm founded by ex-Google staffers that launched in June of this year, has published a blog post which shows just how dangerous a place the web is becoming.

If you do any computer service - either as a job or a favor to friends and family - you've no doubt seen the end result of these attacks. Fake antivirus applications continue to be the biggest source of business at my day job. That's all thanks to a web that has been slow to adapt to the presence of these threats.

According to the data Dasient has gathered to date, they estimate the number of compromised web sites to be about 640,000. Netcraft puts the total number of sites on the Internet at around 240 million, so compromised sites only amount to 0.26% of the whole. Still, those 640,000 sites are serving as many as 5.8 million infected pages, says Dasient, up sharply from the 3 million pages reported by Microsoft earlier this year.


Do different methods account for the big change? Not so much, says Dasient. The rapid rate of growth in threats is borne out by the parallel growth of blacklists maintained by companies like Google.

Dasient notes four common weaknesses that are being exploited: compromised FTP credentials, server-side vulnerabilities, unpatched or unknown web application vulnerabilities, and ad networks (even unknowingly) serving malicious ads.

The best "poisoned" advertising example to date would have to be the New York Times website, which was unwittingly serving malicious links just a few weeks ago. The incident underscored just how big a problem this has become. You no longer have to be looking for cracked or pirated software, illegal music, or pornographic pictures and videos to be at risk. Mainstream sites are being targeted, putting even more users at risk.

It's more important than ever to make sure you protect yourself. If you're using Windows, arm yourself with a good antivirus and security tools. Linux and Mac users - yes, you're safe for now from most of these threats, but certain attacks - like phishing - can affect you, too. Keep your web browser, plugins, and OS fully updated, and make sure you know what you're clicking before you click it.

For users on any operating system, the free WebOfTrust add-on for Firefox, IE, and Google Chrome (read more about the WOT add-on) can help defend you against malicious links and sites. It's well worth installing, especially on a Web that is under siege by malware.
